Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
class HooksController < ApplicationController
def handle_webhook
payload = request.body.read
sig_header = request.headers["X-Hub-Signature"]
sig_header.slice! "sha1="
app_secret = Figaro.env.FB_APP_SECRET
sign = get_sha_sign(payload, app_secret)
if sign != sig_header
raise BaseError::InvalidRequest.new("Invalid Signature")
end
render plain: "OK"
end
private
def get_sha_sign(payload, app_secret)
return OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), app_secret.encode("ASCII"), payload.encode("ASCII"))
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment